Severity
High
Analysis Summary
CVE-2025-26629 CVSS:7.8
Microsoft Office could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability
CVE-2025-24082 CVSS:7.8
Microsoft Office Excel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability
CVE-2025-24083 CVSS:7.8
Microsoft Office could allow a local attacker to execute arbitrary code on the system, caused by an untrusted pointer dereference vulnerability
CVE-2025-24080 CVSS:7.8
Microsoft Office could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability
CVE-2025-24079 CVSS:7.8
Microsoft Office could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability
CVE-2025-24077 CVSS:7.8
Microsoft Office Word could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability
CVE-2025-24078 CVSS:7.8
Microsoft Office Word could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free vulnerability
Impact
- Code Execution
Indicators of Compromise
CVE
CVE-2025-26629
CVE-2025-24082
CVE-2025-24083
CVE-2025-24080
CVE-2025-24079
CVE-2025-24077
CVE-2025-24078
Affected Vendors
- Microsoft
Affected Products
- Microsoft 365 Apps for Enterprise - 16.0.1
- Microsoft Office 2019 - 19.0.0
- Microsoft Office LTSC 2021 - 16.0.1
- Microsoft Office LTSC for Mac 2021 - 16.0.1
- Microsoft Microsoft Office LTSC 2024 - 1.0.0
- Microsoft Office LTSC for Mac 2024 - 1.0.0
- Microsoft Office LTSC 2024 - 1.0.0
- Microsoft Excel 2016 - 16.0.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.